Akamai Our Thinking Intro Image

Akamai Research

The State of the Internet

Making sense of the new age of information security

State of the Internet
???Watch the Video???

Most Recent Security Report

2019 State of the Internet / Security: Financial Services Attack Economy

Attacks on financial services institutions are growing in both quantity and sophistication. Our new State of the Internet / Security report studies criminal behavior across this advanced and expansive financial services attack economy: from a popular authentication mechanism for staging credential stuffing attacks to the use of stolen identities to cash out ill-gotten gains. The report identifies leading DDoS and application-layer attack vectors, lucrative phishing variants, and how criminals stage decoy attacks to distract from their real targets. Attacks that prove successful in financial services often move on to other industries. Download the report, and see what petabytes of data tell us.

Past Security Reports

2019 State of the Internet / Security: Web Attacks and Gaming Abuse

Criminals go where the money is. And these days, there’s real money to be stolen in the virtual world of gaming. Our latest State of the Internet / Security report delves into the growing popularity of credential stuffing attacks against the gaming industry. In one 17-month period, we counted 12 billion attacks. We went over to the darknet and found some surprising reasons why. We also found another surprise in our study: Two vectors account for nearly 90% of all web application attacks. Also in this issue, Akamai CMO Monique Bonner shares three unexpected observations about security professionals.

2019 State of the Internet / Security: Credential Stuffing - Attacks and Economies (Special Media Report)

This special issue of the “State of the Internet / Security” report focuses on the hundreds of millions of credential stuffing attacks that occur each day, especially those aimed at video, gaming, entertainment, and other media organizations. The report describes tools and tutorials available online at little or no cost to criminals seeking to exploit stolen username/password or email/password combinations, including All-in-One (AIO) applications such as SNIPR. It also looks at the thriving darknet marketplaces for stolen accounts, a virtual shopping mall for credential abuse attackers. Akamai security researchers also recommend methods to reduce the threat of credential stuffing attacks.

2019 State of the Internet / Security: Retail Attacks and API Traffic

This issue of State of the Internet / Security provides insightful security research and intelligence into three security risks many organizations may overlook. First, a survey of API traffic reveals that APIs now account for 83% of all hits, while HTML traffic has fallen to 17% of traffic. Second, research into DNS traffic reveals that IPv6 traffic may be underreported; many systems capable of IPv6 still show a preference for IPv4. Lastly, our look at credential abuse and the botnets that abuse retailer inventories shows that this is a rising problem that needs attention.

2019 State of the Internet / Security: DDoS and Application Attacks

Sometimes a DDoS or web application attack isn’t. We saw 875,000 POST requests per second targeting a customer in Asia and uncovered the real cause — so you can avoid it. The State of the Internet / Security DDoS and Application Attacks report provides insightful security research and intelligence. Learn about the evasion tactics attackers use to circumvent bot management defenses. We mined job postings to identify the skill sets they seek to help you understand your threat environment. Take time out for mental health with information on how mitigate the risk of stress and burnout in your security team.

2018 State of the Internet / Security: A Year in Review

Akamai has spent the past year researching and analyzing web security events, threats in development, and attacks large and small. For our 2018 State of the Internet / Security: A Year in Review report, we present the biggest of these stories and some of our more fascinating research that you might have missed. From the record-breaking memcached attack to low-and-slow longtail exploits, we look at DDoS, credential stuffing, phishing, and more, including law enforcement efforts and the adversarial economy. A letter from CSO Andy Ellis also identifies trends that are likely to shape 2019.

2018 State of the Internet / Security – Credential Stuffing Attacks Report

The 2018 State of the Internet / Security - Credential Stuffing Attacks report is based on more than 8.3 billion malicious login attempts that occurred on the Akamai Intelligent Edge Platform between May and June 2018. It examines the latest botnet tactics and trends - including target industries and countries, as well as deep dives into a pair of multi-day, multi-botnet credential stuffing attacks at two financial institutions with very different approaches. It also explores why credential stuffing attacks are on the rise and the need for organizations to improve their bot defense.

Summer 2018 State of the Internet / Security: Web Attacks Report

The Summer 2018 security report is about change: what’s new and unusual in DDoS attacks, where are the surprising data patterns, and how should enterprises and security professionals prepare for the unexpected. Looking back at November 2017 to April 2018, as well as year-over-year changes, Akamai analysts identified data trends that spotlight the new and unfamiliar. The Summer 2018 State of the Internet / Security: Web Attacks report covers atypical attack methods, credential abuse attacks and law enforcement prosecution of DDoS-for-hire platforms. Guest writer Rik Ferguson also explores future threat scenarios.

Spring 2018 State of the Internet / Carrier Insights Report

The importance of information sharing in the battle against cyber threats.
Collaboration and data sharing are important topics in our latest report. Security in 2018 is a collaborative effort:No single solution and no single team has all the data, tools, or knowledge required to generate meaningful intelligence from the multitude of signals being recorded every second of every day. The State of the Internet / Security: Carrier Insights, Spring 2018 draws from six months of data to cover the following topics: collaboration, zero day domains, malware evolution, and Mirai.